On Thu, Dec 18, 2014 at 12:48 PM, Diagon <[email protected]> wrote: > Reading through the manual, I'm finding mysterious mention of the use of > crypto with grub. eg. section 11.1, "How to specify devices" mentions > (crypto0) or (cryptouuid/xxxxxxxxxxx) specifications. > > http://www.gnu.org/software/grub/manual/grub.html#Device-syntax > > I'm also seeing modules in my /boot/grub (Ubuntu) that are undocumented in > the manual, but include "crypto.mod" and a "gcry_xxxx.mod" that indicate > many crypto operations. > > I am used to having to unlock crypto disks through user-space operations > that take place through programs that are embedded in an initramfs, so I'm > curious about what all these modules do or what use specifying crypto > devices might be. Can someone direct me to documentation?
"info grub" will give you the manual for the version of grub you have installed, which is likely more recent than grub 2.00 and contains some info about LUKS and GELI support. Grub can read files from LUKS and GELI volumes, but only FreeBSD's kernel currently has a protocol for passing credentials from grub to the kernel, so if you're using GNU/Linux and you use grub's LUKS support to read your kernel from your LUKS encrypted root, you will need to enter your password twice at boot: Once for grub, and again for linux. It rarely makes sense to encrypt /boot/ though, as there shouldn't be anything sensitive in /boot/ (the kernel sources that your kernel was built from are already public). > > More generally, there are a bunch of other modules in my /boot/grub that are > undocumented. I'd like to know more about what they do. There isn't currently a list of what every grub module does. If you volunteer to improve the documentation I'd be happy to help you get all of the information to do so, but unless it's going to lead to better documentation I don't have the motivation to do so (maybe someone else will) and I'm not currently motivated enough to write that documentation myself. (Not to mention that there are other areas I'd rather be documenting first if I were to jump into documentation again.) If you are willing to help update the documentation that would be very appreciated. While it's improved recently, grub's documentation could still use a lot of help. > > Thanks! > /D > > _______________________________________________ > Help-grub mailing list > [email protected] > https://lists.gnu.org/mailman/listinfo/help-grub > _______________________________________________ Help-grub mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-grub
